GIS Hallstahammar
2017-05-09 11:08:48 UTC
Hi,
First some information about our setup:
GeoServer: 2.11.0
Java: 1.8.0_92 (64 bits)
OS: Windows Server 2012 R2
Web server: Apache httpd 2.4.25
Application server: Tomcat 8.5
We are trying to get LDAP working with authentication through the use of
headers. LDAP works fine when we login using the web interface, we are
assigned the correct roles and can access layers that are secured.
Following this guide: http://docs.geoserver.org/latest/en/user/security/tut
orials/credentialsfromheaders/index.html we are able to get it to work with
headers using local users (we can use curl and send authentication headers
and it returns the response of GetCapabilities). This is the curl command
used:
curl -v -H "X-Credentials: private-user=admin&private-pw=geoserver" "
http://localhost:8080/geoserver/wms?service=WMS&version=1.1.1&request=
GetCapabilities"
However, if we try using an active directory user, we encounter the
following message (from Tomcats' log):
08-May-2017 16:37:32.854 SEVERE [http-nio-8080-exec-1]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
servlet [dispatcher] in context with path [/geoserver] threw exception
at org.geoserver.security.filter.GeoServerCredentialsFromReques
tHeaderFilter.doAuthenticate(GeoServerCredentialsFromRequest
HeaderFilter.java:165)
java.lang.ClassCastException: org.springframework.security.c
ore.authority.SimpleGrantedAuthority cannot be cast to
org.geoserver.security.impl.GeoServerRole
Full Tomcat log is available here: https://pastebin.com/hUXPSFLL
However. in the GeoServer log it says the user was successfully logged in
just moments before:
2017-05-08 16:37:32,839 TRACE [geoserver.security] - logged in as USER
Any ideas on what might be causing this?
Any help or input is appreciated.
Thanks,
Markus.
First some information about our setup:
GeoServer: 2.11.0
Java: 1.8.0_92 (64 bits)
OS: Windows Server 2012 R2
Web server: Apache httpd 2.4.25
Application server: Tomcat 8.5
We are trying to get LDAP working with authentication through the use of
headers. LDAP works fine when we login using the web interface, we are
assigned the correct roles and can access layers that are secured.
Following this guide: http://docs.geoserver.org/latest/en/user/security/tut
orials/credentialsfromheaders/index.html we are able to get it to work with
headers using local users (we can use curl and send authentication headers
and it returns the response of GetCapabilities). This is the curl command
used:
curl -v -H "X-Credentials: private-user=admin&private-pw=geoserver" "
http://localhost:8080/geoserver/wms?service=WMS&version=1.1.1&request=
GetCapabilities"
However, if we try using an active directory user, we encounter the
following message (from Tomcats' log):
08-May-2017 16:37:32.854 SEVERE [http-nio-8080-exec-1]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
servlet [dispatcher] in context with path [/geoserver] threw exception
at org.geoserver.security.filter.GeoServerCredentialsFromReques
tHeaderFilter.doAuthenticate(GeoServerCredentialsFromRequest
HeaderFilter.java:165)
java.lang.ClassCastException: org.springframework.security.c
ore.authority.SimpleGrantedAuthority cannot be cast to
org.geoserver.security.impl.GeoServerRole
Full Tomcat log is available here: https://pastebin.com/hUXPSFLL
However. in the GeoServer log it says the user was successfully logged in
just moments before:
2017-05-08 16:37:32,839 TRACE [geoserver.security] - logged in as USER
Any ideas on what might be causing this?
Any help or input is appreciated.
Thanks,
Markus.